Allow setting Certificate secretTemplate (#426)

Co-authored-by: Jorge Turrado Ferrero <[email protected]>
kedacore · Apr 12, 2023 · eff0548 · eff0548
1 parent b335465
commit eff0548
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 0 deletions.
diff --git a/keda/README.md b/keda/README.md
@@ -215,6 +215,7 @@ their default values.
 | `certificates.certManager.enabled`                         | Enables Cert-manager for certificate management | `false` |
 | `certificates.certManager.generateCA`                      | Generates a self-signed CA with Cert-manager | `true` |
 | `certificates.certManager.caSecretName`                    | Secret name where the CA is stored (generatedby cert-manager or user given) | `kedaorg-ca` |
+| `certificates.certManager.secretTemplate`                  | [Labels or annotations to add to the secret generated](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources) by cert-manager | `{}` |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to

diff --git a/keda/templates/41-cert-manager-self-ca.yaml b/keda/templates/41-cert-manager-self-ca.yaml
@@ -8,6 +8,8 @@ spec:
   isCA: true
   commonName: {{ .Values.operator.name }}
   secretName: {{ .Values.certificates.certManager.caSecretName }}
+  secretTemplate:
+    {{- toYaml .Values.certificates.certManager.secretTemplate | nindent 4 }}
   privateKey:
     algorithm: RSA
     size: 2048

diff --git a/keda/templates/43-cert-manager-keda-tls-certificate.yaml b/keda/templates/43-cert-manager-keda-tls-certificate.yaml
@@ -17,6 +17,8 @@ spec:
   - {{ .Values.webhooks.name }}.{{ .Release.Namespace }}.svc
   - {{ .Values.webhooks.name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
   secretName: {{ .Values.certificates.secretName }}
+  secretTemplate:
+    {{- toYaml .Values.certificates.certManager.secretTemplate | nindent 4 }}
   usages:
     - server auth
     - client auth

diff --git a/keda/values.yaml b/keda/values.yaml
@@ -448,6 +448,13 @@ certificates:
     # has to be annotated with 'cert-manager.io/allow-direct-injection: "true"'
     generateCA: true
     caSecretName: "kedaorg-ca"
+    # Add labels/annotations to secrets created by Certificate resources
+    secretTemplate: {}
+      # annotations:
+      #   my-secret-annotation-1: "foo"
+      #   my-secret-annotation-2: "bar"
+      # labels:
+      #   my-secret-label: foo
 
 permissions:
   metricServer: